The purpose of including a lightweight PKI system in ZMS is to provide a convenient and efficient way to manage and distribute the certificates and keys used by the various components and proxies of the managed Zorp hosts. It is mainly aimed at providing the certificates required for secure communication between the different parts of the firewall system, for example, between Zorp hosts and the ZMS engine (the actual communication is realized by agents). The PKI of ZMS also provides a consistent and convenient tool to manage both internal and external certificates between the firewalls. ZMS can be set to distribute certificates and Certificate Revocation Lists (CRLs) automatically at regular intervals, ensuring that no invalid or revoked certificate can be used.
Note: The PKI of Zorp is not a general-purpose PKI system, and using it as one is not recommended. It was designed and intended for internal use between the components of the firewall system (to secure the communication between Zorp hosts and ZMS servers, monitoring agents, and so on), and to manage external certificates available on the managed hosts.
Tip: The PKI system of ZMS can also manage certificates signed by external CAs. This is useful because ZMS provides an efficient way to handle the distribution of certificates among the managed hosts.
Published on May 30, 2024
© BalaSys IT Ltd.